Privacy Policy

Your privacy is important to us. This policy explains how DriveFlow collects, uses, and protects your information.

Last Updated: November 7, 2025

This Privacy Policy describes how DriveFlow ("we," "us," or "our") collects, uses, and discloses your information in connection with your use of our application and services.

By using our service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

DriveFlow is designed to process your files while respecting your privacy. Here's exactly what we collect and why.

Information You Provide to Us:

  • Account Data: When you create an account, we collect your name, email address, and authentication credentials (via OAuth 2.0). This information is used exclusively to authenticate you and manage your account.
  • Cloud Storage Credentials: We store OAuth 2.0 tokens to access your connected cloud storage (Google Drive, OneDrive, or Dropbox). These tokens allow DriveFlow to read file metadata and organize your files on your behalf.
  • File Metadata Only: We store minimal metadata including:
    • File names and folder paths
    • File IDs and parent folder relationships
    • Suggested file names and organization recommendations
    • Confidence scores and reasoning for our AI suggestions
    • Timestamps of when files were processed

What We DO NOT Store:

  • File Content: DriveFlow never stores the actual content of your documents. During processing, files are temporarily downloaded to secure servers, analyzed using OCR (PaddleOCR) and AI (Llama 3.1 via Groq API), and then immediately deleted from our servers.
  • Personal Data from Documents: Social security numbers, bank account details, addresses, or any sensitive information contained within your files are never retained.

Information Collected Automatically:

  • Usage Data: We collect information on how you interact with our service, such as the features you use, processing timestamps, and error logs. This helps us improve DriveFlow's accuracy and performance.
  • Device Information: Basic device metadata (device type, operating system, browser type) to ensure compatibility and optimal performance.

2. How We Use Your Information

DriveFlow uses collected information solely to provide and improve our file organization service:

  • To Provide and Maintain Our Service: File metadata is used to generate intelligent naming and organization suggestions. Our AI analyzes document content temporarily during processing to extract document type, client names, and dates for optimal file organization.
  • Context-Based Recommendations: We analyze your existing folder structure to provide context-aware suggestions that match your current organization patterns, ensuring consistency across your files.
  • To Improve Model Accuracy: We use aggregated, anonymized usage patterns (such as which suggestions users accept or reject) to improve the accuracy of our document classification and naming algorithms. Individual file content is never used for model training.
  • For Communication: We may use your email to send you important service updates, security alerts, and processing notifications.
  • For Security and Compliance: We monitor system activity to detect and prevent unauthorized access, ensure data integrity, and comply with legal obligations.

3. How We Share Your Information

DriveFlow does not sell your personal information or file data to anyone. We work with limited third-party service providers solely to deliver our core functionality:

  • AI Processing Provider (Groq): File content extracted via OCR is temporarily sent to Groq's API (using Llama 3.1 8B model) for document analysis and classification. Groq processes this data with zero data retention — meaning your document content is immediately discarded after inference and never used for model training or stored by Groq.
  • Cloud Infrastructure (Google Cloud Platform): DriveFlow runs on Google Cloud's secure infrastructure. Metadata (file names, paths, suggestions) is stored in Firebase/Firestore. All data is encrypted at rest and in transit.
  • Cloud Storage Providers (Google, Microsoft, Dropbox): When you connect your cloud storage account, we use OAuth 2.0 to securely access your files. We only request the minimum necessary permissions to read and organize files. Your files remain in your own cloud storage at all times.
  • With Your Consent: We may share your information with third parties when you give us explicit permission to do so (for example, if you choose to share files with collaborators).
  • For Legal Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4. Data Security & Processing

DriveFlow is built with security and privacy at its core. Here's how we protect your data at every step:

Encrypted Cloud Access

All connections to your cloud storage (Google Drive, OneDrive, Dropbox) use OAuth 2.0, the industry-standard authentication protocol. We never see or store your cloud storage passwords. All file transfers occur over encrypted HTTPS connections.

Temporary Processing, Zero Storage

When you select files to organize, here's exactly what happens:

  1. Files are temporarily downloaded to a secure, isolated processing environment
  2. PaddleOCR extracts text from documents (locally on our servers)
  3. Extracted text is sent to Groq API for AI analysis via encrypted API connection
  4. AI suggests optimal file names and folder placements based on content
  5. All temporary files are immediately deleted from our servers after processing
  6. Only metadata (suggested names, confidence scores) is saved to your account

Important: No file content is ever retained on DriveFlow servers after processing completes.

AI Models with Zero Data Retention

Our AI provider (Groq) operates under a zero data retention policy. This means:

  • Your document content is never logged, stored, or used for training AI models
  • Data is processed in real-time and immediately discarded after generating suggestions
  • Groq cannot access your file content after the API request completes

Enterprise-Grade Infrastructure

  • Hosted on Google Cloud Platform with 99.99% uptime SLA
  • All stored data encrypted at rest and in transit (TLS 1.3)
  • Regular security audits and vulnerability assessments
  • Isolated processing environments prevent cross-contamination between users

Note: While we implement industry-leading security measures, no system is 100% secure. We recommend using strong passwords and enabling two-factor authentication on your cloud storage accounts.

5. Compliance & Transparency

DriveFlow is committed to following data protection best practices and respecting user privacy rights.

GDPR & CCPA Principles

While DriveFlow is not yet formally certified under GDPR or CCPA, we design our service to align with the core principles of these regulations:

  • Data Minimization: We only collect and store the minimum data necessary to provide our service
  • Purpose Limitation: Your data is used solely for file organization and service improvement
  • Transparency: This policy clearly explains what data we collect and how it's used
  • User Rights: You can access, modify, or delete your data at any time (see section 6)
  • Security: We implement appropriate technical measures to protect your information

Note on Compliance: As DriveFlow grows, we are committed to obtaining formal compliance certifications. We will update this policy and notify users as our compliance posture matures. If you have specific compliance requirements or questions, please contact us at driveflow10@gmail.com.

6. Your Data Rights & Control

You maintain full control over your data in DriveFlow. Here are your rights:

Access Your Data

You can view all file metadata, suggestions, and processing history stored in your DriveFlow account through the dashboard at any time.

Disconnect Cloud Storage

You can disconnect DriveFlow from your cloud storage (Google Drive, OneDrive, or Dropbox) at any time from your account settings. This immediately revokes DriveFlow's access to your files. Your files in cloud storage remain completely unaffected.

Delete Your Metadata

You can request deletion of all metadata DriveFlow has stored about your files (suggestions, folder structures, processing history). Note that this does not affect your actual files in cloud storage, only DriveFlow's organizational metadata.

Delete Your Account

You can permanently delete your DriveFlow account at any time. This will:

  • Remove all stored metadata (file suggestions, folder structures, processing history)
  • Delete your OAuth tokens and disconnect all cloud storage providers
  • Erase your account information (name, email, preferences)

Your files remain safe: Account deletion does not affect your files in cloud storage.

Export Your Data

Contact us at driveflow10@gmail.com to request an export of all metadata DriveFlow has stored about your account.

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email. We encourage you to review this policy periodically to stay informed about how we protect your data.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how DriveFlow handles your data, we're here to help.

Email us at: driveflow10@gmail.com

We typically respond to privacy inquiries within 48 hours.

© 2025 DriveFlow. All rights reserved.